3
LOGO Introduction Mobile phones are becoming pervasive. There is one mobile phone every two person in the world. Given the advances : users start to consider a mobile phone a personal information processing tool users expect to execute any application on top of a mobile device One way to overcome this limitation is mobile cloud computing 3/25

4
LOGO Mobile Devices as a virtual cloud computing provider Motivation and Scenario On an economical basis, accessing cloud computing providers is associated with two costs: The cost of networking The cost of using the providers resources Design Considerations Resource monitoring and management Seamless integration with the existing cloud APIs Activity detection to find users of the same or similar goals A memory cache scheme to save intermediate results …. 4/25

7
LOGO Current Implementation (cont.) The Application Manager is in charge of launching and intercepting an application at loading time The Resource Manager is in charge of application profiling and resource monitoring on a local device The Context Manager wields and synchronizes contextual information from context widgets The Offloading manager component is in charge of sending and managing jobs from the node to other remote devices 7/25

8
LOGO Current Implementation (cont.) This project consists of two sub implementations: Cloud computing provider client Ad Hoc mobile cloud framework Both are developed based on Hadoop (a cloud computing platform from Apache.) Communication between devices is based on the Extensible Messaging and Presence Protocol (XMPP) 8/25

9
LOGO Another application platform for mobile (elastic framework) An elastic application can consist of one or more weblets which function independently, but communicate with each other. Elasticity manager running on the device monitors the resource requirements of the weblets of the application Elasticity manager talks to an Elasticity service residing on the cloud on which cloud node it should be launched, and how much storage should be allocated Elasticity manager can also make decisions about: migrating running weblets from the device to cloud or from cloud to device 9/25

11
LOGO Exisiting challenges A new application model is needed in order to launch or migrate some parts of an application in the cloud and others on the device. An appropriate protocol is needed between weblets during runtime to: synchronize the state of the application respond to state change or user actions A set of cost objective functions are needed which should be optimized when elastic scheduling decisions are made, such as when and where to migrate weblets Security And Privacy 11/25

12
LOGO Elastic Framework Architecture) A typical elastic application includes: UI component and one or more weblets Device elasticity manager (DEM) : Where the applications components (weblets) are located Selects paths used for communication with weblets Runs an optimizer which is responsible for determining the best application conguration given costs and user goals cloud elasticity service (CES) : cloud manager, application manager, and sensing information collection provides a web service, referred to as the cloud fabric interface (CFI) 12/25

14
LOGO Elastic Application Model Partitions of an elastic application Each application should be partitioned into components called weblets. A weblets functionality should not be affected by the location or environment where it is running. Data dependency of weblets An elastic application should allow reasonable data dependency between weblets Communication protocols between weblets Lightweight web services protocols such as REST are used in this framework 14/25

15
LOGO Threat Model Threats to Mobile Devices Malware targeting mobile devices e.g : A malware can change the battery status of the device thus DEM does not make decision of ofoading execution when an application is launched Threats to Cloud Platform and Application Container Malicious entities e.g : Can change network and cost settings, or even cloud sensing information to confuse the CES into making decisions Threats to Communication Channels Code Red, and SQL Slammer MITM (Man-In-The-Middle), DDoS (Distributed-Denial-Of- Service) 15/25

16
LOGO Security Objectives Trustworthy weblet containers (or VMs) on both device and cloud Weblets must be installed and execute in trusted runtime environments in all locations. Authentication and secure session management The elastic framework should provide a mechanism to authenticate weblets belonging to the same application and user to each other Authorization and access control A weblet on the cloud should adhere to the property of least privileges Logging and auditing Behaviors of weblets should be logged and audited routinely to prevent malicious activities 16/25

18
LOGO Authorization of Weblets Shared user credentials A hostile environment on cloud node can save the user credentials and impersonate the user later. Shared session information After a device weblet authenticates with the web server, it should share wsk and wss with other weblets. Using session information only on device weblet Whenever a cloud weblet needs access to user data on external web services, it forwards the requests to the authenticated device weblet OAuth-like [3] authentication 18/25

20
LOGO Trust Cube And Implicit Authentication TrustCube assumes a federated authentication framework,such as OpenID. Implicit authentication is used to identify users by their habits, as opposed to their belongings, memorized data, and biometrics. The use of implicit authentication implies a policy-based authentication framework 20/25

21
LOGO High-level Architecture The policy includes three parts: The access request The information to be collected from client devices or data aggregator for this access request Rule to generate the authentication result. 21/25

22
LOGO Implementation Approach client side agent was developed on Android which collects two kinds of data: First, it collects a users context and activities Second, during authentication, it collects information about the phone The service is developed in Java and deployed as an Amazon EC2 instance and encapsulated as an AMI (Amazon Machine Image) 22/25

23
LOGO Conclusion Based on the result of executing the first framework: The approach over small files shows that the execution of tasks is slightly slower than executing it directly on the mobile device (less than 1% slower in average) More over multiple small files trigger memory problems (hadoop problem) Also Cloud computing has brought new challenges and opportunities for authentication. There is increasing demand for usable authentication to access services and data for both enterprises and consumers. There is another trend that is important to understand in the context of cloud computing and authentication: the shift in platforms from traditional PCs toward smart phones and other mobile platforms. 23/25